NtOpenThread - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Opens an existing thread object.
 *
 * @param ThreadHandle A pointer to a handle that receives the thread object handle.
 * @param DesiredAccess The access rights desired for the thread object.
 * @param ObjectAttributes Optional. A pointer to an OBJECT_ATTRIBUTES structure that specifies the attributes of the new thread.
 * @param ClientId Optional. A pointer to a CLIENT_ID structure that specifies the client ID of the thread to be opened.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_opt_ PCLIENT_ID ClientId
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_opt_ PCLIENT_ID ClientId
    );

#endif

View code on GitHub

Opens a handle to an existing thread. This function is documented in Windows SDK.

Parameters

Access masks

Access mask Use
THREAD_TERMINATE Allows terminating the thread via NtTerminateThread.
THREAD_SUSPEND_RESUME Allows suspending and resuming the thread via NtSuspendThread and NtResumeThread, respectively.
THREAD_ALERT Allows waking the thread from an alertable wait via NtAlertThread.
THREAD_GET_CONTEXT Allows retrieving the context (set of registers) of the thread via NtGetContextThread.
THREAD_SET_CONTEXT Allows changing the context of the thread via NtSetContextThread and queuing APCs via NtQueueApcThread.
THREAD_SET_INFORMATION Allows setting most information classes via NtSetInformationThread.
THREAD_QUERY_INFORMATION Allows querying most information classes via NtQueryInformationThread.
THREAD_SET_THREAD_TOKEN Allows setting thread impersonation token via NtSetInformationThread with ThreadImpersonationToken.
THREAD_IMPERSONATE Allows using the thread as a server during direct impersonation via NtImpersonateThread.
THREAD_DIRECT_IMPERSONATION Allows using the thread as a client during direct impersonation via NtImpersonateThread.
THREAD_SET_LIMITED_INFORMATION Allows setting some information classes via NtSetInformationThread. The system automatically includes this right if the caller requested THREAD_SET_INFORMATION.
THREAD_QUERY_LIMITED_INFORMATION Allows querying some information classes via NtQueryInformationThread. The system automatically includes this right if the caller requested THREAD_QUERY_INFORMATION.
THREAD_RESUME Allows resuming the thread via NtResumeThread. The system automatically includes this right if the caller requested THREAD_SUSPEND_RESUME.
THREAD_ALL_ACCESS All of the above plus standard rights.

Remarks

This function bypasses some access checks if the caller has the SeDebugPrivilege enabled.

To avoid retaining unused resources, call NtClose to close the returned handle when it is no longer required.

Instead of opening the current thread, consider using the NtCurrentThread pseudo-handle.

Related Win32 API

See also